Remote desktop behind ICS?

[Carlos Albert]

Hi guys,

I have a little home network, with a computer (A) running ICS to other two
computers, (B and C)
So far so good, but now I would like to connect via remote desktop to
computers A, B or C.
To computer A connects flawlessly.
Tried going to the internet broadband connection properties -> Internet
Connecion Sharing Settings -> and create a Remote Desktop service rule,
forwarding port xxxx to computer B (or C), port 3389. No luck so far, just
says it can't find anything when in Remote desktop I try to connect to
external_ip_address:xxxx

PS: Yeah, I know is more a connectivity question, but didn't know where to
post it =S

 

[Sooner Al [MVP]]

Are you running any firewall software on B and C that may be blocking the
connection?

Can you connect from another PC on your LAN to the PC you want to connect
to, ie. from B to C for example?

http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.html

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[Carlos Albert]

Hello,

No, I'm not running any soft that can block my connection. I'm running a
firewall but is all configured to allow RDP. I also tried disabling it with
the same luck.

And yes, I can connect A->B, B->C, C->A without any problem. The only
problem is when I try to connect from the outside.

 

[Sooner Al [MVP]]

So both B and C have static private LAN IP addresses, correct?

When you forward TCP Port 3389 on A to B, what happens if you log onto to B
and go to the http://www.canyouseeme.org site and test on port 3389?

When you test using the public IP of A in order to access B are you at a
remote location? Its not a valid test to be on A or C and call B using the
public IP of A.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[Carlos Albert]

Yes, the have static private LAN IP.

Using ICS languaje, I would say I forward "external" port XXXX to "internal"
port 3389 on machine B. Tried using machine name and IP address.

www.cayouseeme.org says that port 3389 is ok (machine A), but the others
not. The firewall log says is allowing the connections.

I'm not sure I'm following you. I try to connect remotely (computer x) to
computer A and works. And between A, B, or C (locally) works too. Doesn't
work from X to B or C.... :S

I'm sure I'm doing something wrong in the ICS, or the ICS is doing something
wrong, but can't find what.

 

[Carlos Albert]

Note: I tried to do the same with virtual machines (using VMware and VMNAT)
and works flawlessly, definitively is some kind of problem with de
ICS/network.

 

[Sooner Al [MVP]]

Try port forwarding (verus port redirection) as illustrated on this page in
the "Registry Change Method (Option 2)" section... You will need to change
the listening port on B and C to something other than TCP Port 3389. Note
the warnings on the page...

http://theillustratednetwork.mvps.org/RemoteDesktop/Multiple_PC_RD.html

That was written for ICF on XP SP1, but should work for the XP SP2 Windows
Firewall.

Your remote test from X is valid as long as X is not local to your LAN. Also
the canyouseeme test failing also points to a firewall issue on A as you
know...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[Carlos Albert]

Tnx! That worked, didn't thougt of changing remote desktop port number...

Thoug I wonder why port redirection didn't work...

Do you know why in Remote Desktop Connection you can't connect to
computer_nameort but you have to connect to ip_addressort?

 

[Sooner Al [MVP]]

You might try both enabling NetBIOS over TCP/IP in the properties section
for the NICs in each of your PCs...

http://www.practicallynetworked.com/sharing/troubleshoot/netbt.htm

....and using a "hosts" file to map local LAN IP addresses to host names. I
have a hosts file on each of my desktop PCs and my laptop. You can see an
example of my hosts file on this page...

http://theillustratednetwork.mvps.org/LAN/The_Illustrated_Network.html

As an added note you might find it easier and more secure to run Remote
Desktop (RDP) to all three of your PCs through a VPN or SSH tunnel. You
would only need to open one port on the firewall and still have access to
all three PCs with RDP or for file access. This *FREE* SSL solution is easy
to setup and use. Use a *strong* password. In this case you only need TCP
Port 443 open on the firewall. This solution includes built-in support for
RDP.

http://3sp.com/showSslExplorer.do

Read the reference guide and the quick start guide closely...

http://sourceforge.net/projects/sslexplorer/

I used a SSH method to access my home LAN at one time...

http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/RemoteDesktopVNCandSSH.html

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[Carlos Albert]

Hey, that sounds interesting... will take a serious look at it.
Maybe I ask you later if I have issues setting it. =)

Tnx for everything!

 

[Carlos Albert]

I wonder... in between all your knowledge
....do you happen to have any knowledge of Software VPN?
Honestly, I want to test how VPN works, but don't have the hardware =P

 

[Sooner Al [MVP]]

Both the SSL-Explorer and SSH are examples of a software VPN solution.
Another is the built-in PPTP VPN server/client in XP.

http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm

Here is another example of a SSL VPN solution...

http://openvpn.net/

Lastly a SSH server and client that I used before my primary desktop died
last week...It was the SSH server PC...

http://www.itefix.no/phpws/index.ph...er_op=view_page&PAGE_id=12&MMN_position=22:22
http://www.bitvise.com/tunnelier.html

In my case I used a 2048-bit private/public RSA key pair for authentication
(with a strong pass phrase) versus a password (strong or otherwise).

All are examples of software VPN solutions...no extra hardware needed...and
perfect for the home user to experiment with and/or use...

I have had issues with the MS PPTP VPN simply because of support with
routers I have owned. If your using ICS then opening TCP Port 1723 to the
PPTP VPN server PC should alleviate the issues I had. The issues were
primarily with GRE Protocol 47 traffic which is handled automatically by ICS
when port 1723 is opened. With the routers GRE Protocol 47 traffic through
the router can be problematic usually because of the firmware installed.
Some work and some simply do not. Its kind of a crap shoot in my experience.
My work around has been to use either SSL-Explorer or SSH to access my home
LAN.

Note that except for the XP PPTP VPN solution, that they all have dedicated
support forums or mailing lists. If you have questions concerning issues
with those programs its more appropriate to post to their forums for help...

Good luck...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...